mik-laj commented on pull request #18336: URL: https://github.com/apache/airflow/pull/18336#issuecomment-922333195
There is another problem with that. Currently, when you pass an empty string to the `AIRFLOW__CORE__FERNET_KEY` environment variable, secret encryption is turned off. This is commonly used by docker-compose, which provides strict network isolation and is designed to be run on a single node, so fernet is only a hindrance to deployment and offers no benefit. https://github.com/apache/airflow/blob/a54f8d6b0ce9fd2a2387ccbc11f543d86212ca35/docs/apache-airflow/start/docker-compose.yaml#L58 https://github.com/apache/airflow/blob/main/UPDATING.md#fernet-is-enabled-by-default https://github.com/apache/airflow/blob/a54f8d6b0ce9fd2a2387ccbc11f543d86212ca35/airflow/models/crypto.py#L80-L83 When the user does not specify a key, a random key is generated. https://github.com/apache/airflow/blob/a54f8d6b0ce9fd2a2387ccbc11f543d86212ca35/airflow/configuration.py#L847 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
